Strong Customer Authentication (SCA) is imperative to improving payment security — if EU regulators and financial institutions (FIs) could only agree on how to implement it. This lack of clarity can leave consumers with a confusing checkout experience across merchants and FIs, says Barclaycard Director of Payment Acceptance Paul Adams. In the latest PSD2 Tracker, he explains why improving consumer awareness is key to realizing SCA’s true potential.
Building out frictionless and secure payment experiences has become challenging for providers facing Strong Customer Authentication (SCA) mandates. Consumers still expect seamless transactions, but some merchants are unprepared to provide them as they struggle to adhere to the new standards.
SCA awareness is thankfully high among the payment service providers (PSPs) tasked with executing and communicating the mandates to businesses and consumers, and these PSPs are working with regulators and other trade groups to develop compliant solutions for retailers. Paul Adams, director of payment acceptance at card acquirer and PSP Barclaycard, noted that payment players must keep convenience top of mind when designing these services. He recently spoke to PYMNTS about how understanding SCA and its implications will be critical to creating speedy experiences.
Many issuing banks in the European Union are enabling quicker transactions by ensuring consumers’ email addresses and mobile phone numbers are up to date, allowing merchants and financial institutions (FIs) to utilize text messaging as a secondary form of SCA-compliant verification. Others are speeding processes by allowing end customers to “whitelist” merchants as trusted vendors and essentially remove the need for further authentication steps. Adams said such moves can help EU-based payments operations adapt to SCA’s rules, even as PSPs question how such regulations affect their individual markets.
“From a consumer perspective, in Europe, we’re already seeing a number of steps [that] are raising awareness of this [SCA] initiative,” he explained. “As well as a compliance initiative, I really see this as a competitive playground for providers at all ends of the spectrum. I believe those that will win out in the long term — both merchants and issuing banks — will provide seamless experiences throughout buyers’ journeys. … We have a long way to go between compliance and frictionless experiences.”
Frictionless Transactions and the SCA Compliance Challenge
EU providers face one unavoidable barrier to enabling compliant, easy and quick transactions: SCA requires more forms of authentication than previous payment regulations.
“The very nature of the legislation requires two factors of authentication,” Adams noted. “So, where that maybe doesn’t exist today, naturally you would see an incremental step in the journey. Many participants are looking at ways to ensure that step is frictionless and uses data that is available within the process to minimize any incremental steps the merchant or the consumer may need to undertake.”
Barclaycard is looking into such solutions as well as examining potential SCA exemptions that can allow merchants to bypass two-factor authentication (2FA) requirements. Many payment players are also collaborating with device and software manufacturers to explore new verification technologies such as facial recognition, fingerprints and other biometric tools — solutions that could allow retailers to provide speedier and more convenient transactions.
Ensuring all parties are aware of the changes will ease customers’ transitions and allow acquirers, issuers and merchants to more quickly update their processes and achieve compliance, Adams said.
“From a market perspective, SCA [and its effects] at an end-user level remain in their infancy,” he explained. “While the deadline has passed, [and while] we are seeing technology providers test and rollout these [authentication] capabilities, what we’re not yet seeing is a significant shift in consumers’ behaviors and interactions. That said, we anticipate that in the next 12 to 18 months, [SCA compliance] will be required and merchants and banks will need to communicate what those journeys will look like for their respective customers.”
Awareness is only half the battle for EU payment players, however. They also must also comprehend how SCA will affect merchants and end customers as both become more familiar with it.
SCA Parity in the EU payments World
SCA’s effects differ across countries and varying governmental bodies, which can create confusion as PSPs and merchants develop compliant solutions.
“Where there is not parity in terms of interpretation and execution, it causes challenges for all stakeholders,” Adams said. “We are a European business, we have merchants across Europe, we have providers [and] suppliers sitting in different markets and our customers accept payments from consumers with banks across Europe. Where you have differing interpretations or different rollout plans, the matrix of outcomes across each of those jurisdictions becomes very significant and very complicated to execute. We have been really advocating for parity, and I believe we are getting very close to that.”
SCA was created to safeguard consumers from fraud, but merchants must still offer satisfying transactions for their end customers. Payment providers and retailers alike must ensure their customers are aware of SCA’s implications so they can become more comfortable with its stricter authentication measures. Many countries are currently taking their own approaches to SCA awareness and compliance, but consolidating their efforts could hold the key to realizing the standard’s true potential.